downloadmanagersetup.exe

The executable downloadmanagersetup.exe has been detected as malware by 32 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

MD5:
72fdbf050b73265d39e157f43f8c561f

SHA-1:
dd3cbb10c1da88db25c3ce9a93337ae79dc29ae8

SHA-256:
6fd056b3418b792020aadfb682b057a30657d71e313081c0135fd2640c16193b

Scanner detections:
32 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/27/2024 3:43:12 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 838 |
| Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2014.10.20 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Sality | 141003-0 |
| AVG | Win32/Sality | 2014.0.4040 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.141019 |
| Bitdefender | Win32.Sality.3 | 1.0.20.1460 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 14.10.19 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 11.2014-19-10_1 |
| G Data | Win32.Sality | 14.10.24 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.7.8.0 |
| K7 AntiVirus | Virus | 13.184.13727 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.494 |
| McAfee | W32/Sality.gen.z | 5600.6972 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.3705.0 |
| MicroWorld eScan | Win32.Sality.3 | 15.0.0.876 |
| NANO AntiVirus | Virus.Win32.Sality.yusp | 0.28.2.62671 |
| Norman | Sality.ZHB | 11.20141019 |
| nProtect | Win32.Sality.3 | 14.10.19.01 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 10.14.14.00 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11237 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.292 |
| Trend Micro | PE_SALITY.ER | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Threat.4734158 | 33706 |
| ViRobot | Win32.Sality.N | 2011.4.7.4223 |

File size:
760.4 KB (778,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\downloadmanagersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:FaFdW2WgdnxmwWQNTrcLdyAIJeOuOplHLF975AMd91A4ZeLYWI9dGrwunfLouS1R:FaFYadGQNr+yAIvFpZe2Io8Hnj9S1L1

Entry address:
0x9C40

Entry point:
85, E8, 09, F9, 55, 68, E5, EB, 61, 00, 86, F3, E8, 0E, 00, 00, 00, 89, C7, 81, EF, 34, 30, EA, EC, 81, FD, 19, 0D, 00, 00, 84, E9, 69, FA, 84, A8, CD, 60, 73, 02, 88, D4, B8, 42, 18, 70, 34, F6, D4, 8D, 37, 09, F7, 8D, 0D, 34, 22, 8C, 49, 8B, EE, 89, C9, 33, D5, 8D, 35, 02, B8, F3, 5B, 78, 02, 86, D4, 8D, 0D, A9, 18, 00, 00, 81, E9, 17, 0C, 00, 00, 46, F7, C6, A3, ED, D4, 9F, 3B, CB, 78, 02, 86, E0, 81, E9, 01, 00, 00, 00, 76, 05, 0F, AF, C2, 86, F0, FE, C0, 0F, BF, D1, 81, F9, 22, 04, 00, 00, 73, D9, 5B...
 

Entropy:
7.8850  (probably packed)

Code size:
37 KB (37,888 bytes)
